2026/2027 Edition
70 Questions | Verified Content
Key Features
● ✓ Security architecture principles and design concepts
● ✓ Cryptography and PKI implementation
● ✓ Identity and Access Management (IAM) architectures
● ✓ Secure network design and perimeter defense
● ✓ Security models, frameworks, and compliance standards
Updates for 2026
● Updated NIST Cybersecurity Framework (CSF) 2.0 integration in enterprise architecture.
● Revised zero trust architecture (ZTA) implementation standards for cloud and hybrid environments.
● New (ISC)² and ISACA guidelines for securing AI and machine learning workloads.
Abstract
This document provides a comprehensive assessment of foundational and advanced concepts in security
architecture. It covers secure design principles, cryptographic applications, network security, and the
alignment of security strategies with business objectives as taught in the WGU D488 course. The content
is designed to validate proficiency in designing, implementing, and managing enterprise security
architectures in accordance with current industry standards.
Keywords
WGU D488, Security Architecture, Cryptography, PKI, Zero Trust, IAM, NIST, Secure Network Design,
CISSP Domains, Enterprise Security
Answer Format
Questions are presented in bold black text. Choices (A, B, C, D) are in standard black text. The correct
answer is highlighted in bold. Rationales and "Why Wrong" explanations are provided in italics to
facilitate targeted review.
✓ Compliance Checklist
● ✓ Adheres to 2026 WGU/(ISC)² guidelines
● ✓ Contains exactly 70 questions
● ✓ Strict color formatting applied (#32CD32, #000000, #00545f, #063f47)
● ✓ Optimized for Microsoft Word (DOCX) compatibility
Content Area Overview
Content Area                      Questions  Key Topics                                        Weight
Security Architecture Principles  1-12       Zachman, TOGAF, SABSA, CIA, Defense in Depth      17%
Business, Legal, Regulatory       13-23      GDPR, HIPAA, PCI-DSS, BIA, BCP, DRP               16%
Cryptography and PKI              24-35      AES, RSA, ECC, Hashing, Digital Signatures, CA    17%
Identity and Access Management    36-47      SAML, OAuth, OIDC, RADIUS, Kerberos, MFA          17%
Secure Network Design             48-59      VLANs, Firewalls, IDS/IPS, DMZ, Zero Trust        17%
Security Models & Frameworks      60-70      Bell-LaPadula, Biba, NIST CSF, ISO 27001, COBIT   16%
Examination Questions
Domain: Security Architecture Principles and Design Concepts
1. Which security architecture framework focuses primarily on business requirements and
maps them to security solutions?
A. Zachman Framework
B. SABSA (Sherwood Applied Business Security Architecture)
C. TOGAF
D. DoDAF
Correct Answer: B
Rationale: SABSA is a business-driven framework that starts with business requirements and derives
security architecture from them.
Why Wrong: A is an ontology, not primarily business-driven. C is a general enterprise architecture
framework. D is for Department of Defense.
Reference: WGU D488 Module 1, SABSA Institute
2. The principle that ensures a system remains in a secure state in the event of a failure is known as:
A. Fail-open
B. Fail-secure
C. Least privilege
D. Economy of mechanism
Correct Answer: B
Rationale: Fail-secure (or fail-safe) ensures that when a system fails, it defaults to a secure state,
denying access rather than granting it.
Why Wrong: A defaults to an insecure state. C restricts user permissions. D advocates for simple design.
Reference: WGU D488 Module 1, Saltzer and Schroeder principles
3. Which of the following best describes the concept of "Defense in Depth"?
A. Relying on a single, highly robust firewall
B. Implementing multiple, layered security controls
C. Hiding the security mechanisms from users
D. Granting maximum privileges to ensure operational efficiency
Correct Answer: B
Rationale: Defense in Depth employs multiple, overlapping security controls across different layers to
protect assets.
Why Wrong: A is a single point of failure. C describes security through obscurity. D violates least privilege.
Reference: WGU D488 Module 1, NIST SP 800-53
4. In the Zachman Framework, which perspective answers the question "How"?
A. Motivational
B. Functional
C. Data
D. People
Correct Answer: B
Rationale: The Functional perspective in the Zachman Framework addresses the "How" (processes and
functions) of the enterprise.
Why Wrong: A answers "Why". C answers "What". D answers "Who".
Reference: WGU D488 Module 1, Zachman International
5. Which design principle states that security mechanisms should not be hidden or rely on
obscurity?
A. Complete mediation
B. Open design
C. Psychological acceptability
D. Work factor
Correct Answer: B
Rationale: Open design dictates that the security of a mechanism should not depend on the secrecy of its
design or implementation.
Why Wrong: A requires checking every access. C means the mechanism must be easy to use. D relates to
the cost of breaking the mechanism.
Reference: WGU D488 Module 1, Saltzer and Schroeder
6. What is the primary goal of the "Least Privilege" principle?
A. To ensure users have enough access to perform their jobs and no more
B. To separate duties among multiple users
C. To log all user activities for auditing
D. To encrypt all data at rest
Correct Answer: A
Rationale: Least privilege ensures that subjects are granted only the permissions necessary to perform
their official functions.
Why Wrong: B describes Separation of Duties. C describes Auditing. D describes Encryption.
Reference: WGU D488 Module 1, NIST SP 800-53
7. Which enterprise architecture framework is developed by The Open Group?